package com.laopan.wxpay.utils;

import com.laopan.wxpay.WxConstants;
import org.springframework.core.io.ClassPathResource;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

/**
 * 微信支付获取私钥工具类
 *
 * @author 微信SDK 自带
 * @className PemUtil
 * @date 2021/2/22 13:46
 */
public class PemUtils {

    public static PrivateKey loadPrivateKey(String privateKeyPath) {
        InputStream inputStream = ClassPathResource.class.getResourceAsStream(privateKeyPath);
        if (inputStream == null) {
            return null;
        }
        return loadPrivateKey(inputStream);
    }

    public static PrivateKey loadPrivateKey(InputStream inputStream) {
        try {
            ByteArrayOutputStream array = new ByteArrayOutputStream();
            byte[] buffer = new byte[1024];
            int length;
            while ((length = inputStream.read(buffer)) != -1) {
                array.write(buffer, 0, length);
            }
            String privateKey = array.toString("utf-8")
                    .replace("-----BEGIN PRIVATE KEY-----", "")
                    .replace("-----END PRIVATE KEY-----", "")
                    .replaceAll("\\s+", "");
            KeyFactory kf = KeyFactory.getInstance("RSA");
            return kf.generatePrivate(
                    new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("当前Java环境不支持RSA", e);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("无效的密钥格式");
        } catch (IOException e) {
            throw new RuntimeException("无效的密钥");
        }
    }

    public static X509Certificate loadCertificate(String certificatePath) {
        InputStream inputStream = ClassPathResource.class.getResourceAsStream(certificatePath);
        if (inputStream == null) {
            return null;
        }
        return loadCertificate(inputStream);
    }

    public static X509Certificate loadCertificateByStr(String certificateInfo) {
        InputStream inputStream = ClassPathResource.class.getResourceAsStream(certificateInfo);
        if (inputStream == null) {
            return null;
        }
        return loadCertificate(inputStream);
    }

    public static X509Certificate loadCertificate(InputStream inputStream) {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(inputStream);
            cert.checkValidity();
            return cert;
        } catch (CertificateExpiredException e) {
            throw new RuntimeException("证书已过期", e);
        } catch (CertificateNotYetValidException e) {
            throw new RuntimeException("证书尚未生效", e);
        } catch (CertificateException e) {
            throw new RuntimeException("无效的证书", e);
        }
    }

    public static String getMerPath(String mchId, String rootPath, String suffix) {
        if (rootPath == null || rootPath.trim().length() == 0) {
            rootPath = WxConstants.DEFAULT_ROOT_PATH;
        }
        return rootPath + "/" + mchId + suffix;
    }
}
